I will show the quickest way of running your own-built Linux system in QEMU emulator. Did I say quickest? Let’s start then:

1

2

3

$ git clone git://git.buildroot.net/buildroot

$ cd buildroot/

$ make qemu_arm_versatile_defconfig

Where qemu_arm_versatile_defconfig is file & defconfig name from buildroot/configs directory. Next:

1

$ make menuconfig

And menu similar to Linux kernel menuconfig shows up. Since we preconfigured it with the defconfig file, there is almost nothing to change here. Be sure to have all tools from Build options —> Commands menu installed in your host system.

In Build options check Enable compiler cache which will save compiler output files and make consequent compilations faster. It is not necessary though.

Now type this and get some coffee:

1

$ make

We have now the time to chat a bit. So, what we have just done is we run a massive process of downloading core packages and compiling them into toolchain, kernel and root filesystem that will became our own, small Linux OS. Ever heard that making Linux for embedded devices is hard? Well, it is. But we have taken three huge shortcuts.

First, by using Buildroot which is a big set of Makefiles that configures and compiles GCC, C library and whole OS ecosystem (BusyBox). What it produces in the end are the Linux kernel and the image of root filesystem.

Second shortcut is configuring Buildroot with qemu_arm_versatile_defconfig. There is nothing to change within the kernel thanks to this. This configuration file along with buildroot/board/qemu/arm-versatile/linux-4.9.config tells Buildroot to set kernel configuration to suit ARM Versatile boards template. This is one of the development platforms supported both by Linux and QEMU out of the box.

The last one is the use of QEMU. Because of that, we do not have to configure any bootloader (like U-Boot for instance). All we need to do is to run one command right after the compilation ends:

Update: Second half of this tutorial refers to the binwalk version 1.2.1 only. It appears that with 1.2.2 release, problem with setup.py has been resolved. Diff here.

Firstly, a few dependencies.

There is a package “file” in Slackware but it doesn’t have it’s Python bindings installed. You need to download appropriate source file from here: ftp://ftp.astron.com/pub/file/. Choose version that you have in your system. In my case it is 5.14.

1

2

3

# tar xzf file-5.14.tar.gz

# cd file-5.14/python

# python setup.py install

At this point you should run something like this without getting an exception:

1

2

3

4

5

6

7

8

# python

Python 2.7.5 (default, May 29 2013, 02:28:51)

[GCC 4.8.0] on linux2

Type "help", "copyright", "credits" or "license" for more information.

>>> import magic

>>> magic.MAGIC_NO_CHECK_TEXT

131072

>>>

Next, you may want to get matplotlib working. This is not required to and if you don’t want it you can fall back to regular binwalk install procedure (docs/README in binwalk sources) and quit reading this text. From now on, I assume you want to have fancy plotting option in your binwalk.

There is a bunch of packages to install. My preferred way to do this is by getting them from SlackBuilds. You can also use sbopkg tool, to speed up whole process. Install following packages in order: pysetuptools, six, python_dateutil, pytz, numpy and matplotlib.

Before we proceed there is a test to perform. Switch to non-root user and type:

1

2

3

4

5

6

$ python

Python 2.7.5 (default, May 29 2013, 02:28:51)

[GCC 4.8.0] on linux2

Type "help", "copyright", "credits" or "license" for more information.

>>> import matplotlib.pyplot

>>>

If you don’t get anything more serious than some fontconfig warnings, It’s OK to proceed.

Now it’s tricky part. You want to have your binwalk installed globally since this is how setup script works, but installer (matplotlib.pyplot, actually) needs X server and you don’t have it in root’s python session. Because you verified that matplotlib.pyplot works on non-root user, where one usually runs software from, you can make little ugly hack to binwalk’s setup.py file. Let’s change the way how installer checks if matplotlib is present. This is a diff of original and modified file in patch format:

1

2

3

4

5

6

7

8

9

10

11

--- setup.py

+++ setup.py

@@ -26,6 +26,8 @@

sys.exit(1)

try:

+ import matplotlib

+ matplotlib.use('Agg')

importmatplotlib.pyplot

exceptException,e:

print"\n","*"*WIDTH

By changing method of plotting (to textual) you bypass the need for X server and installation runs smoothly. And app should work great too.

This is it, enjoy your binwalk:)

P.S.
You may get a warning each time you run binwalk:

1

Warning: New continuation level 2 is more than one larger than current level 0

This is application running in ChibiOS/RTRTOS with addition of µGFX framework. It mimics screen unlocker known from Andriod smartphones. It was tested on Embest DM-STF4BB board with DM-LCD35RT LCD display, but should run on any other supported by µGFX. It works properly in ChibiOS/RT simulator also. For details how to run it there, please visit simulator introduction (link is dead, I’ll update this once it appears somewhere).

It allows to configure number of columns and rows you want to have, colors of the “rings” and few other options. The distance between rings is calculated automatically based on screen size and number of columns and rows. There are two functions to handle unlocker. displayUnlockerSetup() is used to draw and save unlock sequence. displayUnlocker() simply displays unlocker and exits if user drew proper pattern, either set by setup function or hardcoded. There is no persistence mechanism to store patterns.

Or how to debug embedded devices with Kate editor, GCC toolchain, OpenOCD and JTAG. Or, how to replace Eclipse in embedded developer’s work.

I do most of my work with open source software, including this running on PC desktop. Few years ago my environment of choice became KDE (KDE SC nowadays). One of areas in which this choice (not ideal) shows its superiority over other desktops is multitude of accompanying applications. And the most useful for me are text editors. This backyard is dominated by indissoluble duo: KWrite and Kate. As it appears, these tools (more precisely, Kate – as it is “bigger brother”) can be used to do much more than editing.

So if you sit with KDE and some embedded stuff in front of your eyes why not give Kate a try? Curiously enough, it took me a while to hit on this idea;)

Kate setup

Start with regular Kate setup. Make new session, choose directory for it and import some source files – let us have something to play with. After that enable two plugins that Kate comes with: “Build Plugin” and “GDB”.

Kate Plugin Manager

First one can execute “make” inside project directory, second gives actual ability to debug. Both of them extend interface of Kate a bit. This is how my editor looks now:

Kate main window

At top toolbar area appeared a bunch of unsurprisingly familiar buttons. I had to manually add first one (“Start debugging”). At the bottom there are two new activators: “Debug View” and “Build Output”. Open the first one and go to “Settings” tab, then click “Advanced Settings”.

GDB advanced settings dialog

This is where your desired setup may start to diverge from mine, but general guidelines should be the same for any case. In “GDB command” field put GDB executable name. Full path here is preferred, I didn’t manage to make it work relying on PATH. From select choose “Remote TCP”, set “localhost” as a host and “3333” as a port that GDB will connect to. OpenOCD usually binds there. In “Custom Startup Commands” type all instructions that GDB have to execute before start debugging. This is important step, as Kate doesn’t know anything about debug server and your target. Every initialization step you have to undertake should go here or to OpenOCD scripts. Most common are loading binary to flash, remapping memory, setting clocks. To program flash you can use either GDB commands (if they work) or pass OpenOCD instructions as argument of “monitor” (or shortly: “mon”) command – as I do. Note last line of my input: I make GDB automatically break on “main” function.

GDB plugin settings

Back to Settings tab, set path to executable file (usually in ELF format). If you set working directory, executable can be just a file name. The nice thing about Kate GDB plugin is that apart from controlling GDB it gives you its command prompt (GDB output tab). To keep focus on GDB console, select “Keep focus”. If your setup handles IO redirection properly, you should be able to control it in tab “IO”, which appears after checking “Redirect IO”. Mine doesn’t, so I did not test it. I saved this setup under “openocd” name; use whichever you like. Configurations are easily selectable in “Debug > Targets” top menu.

Build settings tab

Next, configure build add-on settings. Hit “Build Output” activator at the bottom and select “Target Settings” tab. Fill in working directory, and next three inputs. I chose “Build” command to run both clean and make so the “Quick compile” executes only make and “Build” rebuilds entire project. Again, you can save this configuration under arbitrary name and load it later in “Build > Targets”. Build plugin doesn’t have its own toolbar so commands will be available in “Build” top menu.

Let’s run it!

Having this done we can move into action. Build your project using menu “Build > Build”. Then go to “Terminal” activator and type OpenOCD startup command. This activator shows up after enabling “Terminal tool view” plugin.

For my target I execute:

1

openocd -f board/stm32f4discovery.cfg

Example:

Kate terminal window

Click “Start Debugging” button. GDB Output tab should appear:

GDB console

This is just a GDB console. Debugger stopped at “main” function as we told it to do. You can type “c” (continue) directly in highlighted input box, or hit “Continue” button from toolbar. Before doing that set cursor in editor to certain place in main() and make there breakpoint with “Toggle breakpoint” button.

Breakpoint inserted

Breakpoint line gets light red background. Inserting breakpoints is possible only when program is not being run.

Local variables view

Toggling activator to the right of main window, we get local variables preview.

To sum up

There are few more options that both described plugins provide, but most of “the meat” ends here. This is no equivalent to Eclipse-based toolchain setup (not to mention others), but makes nice distinction (faster! not Java! …and not Java!). And also gives very good quality of text editing, something what KatePart is known of. There is even vi-like mode:) Should you happen to consider improving current state of GDB plugin, maybe to push it more towards embeded world or to contribute to Kate itself – do not hesitate, it’s authors will welcome your efforts warm. So do I!

I uploaded one of my student projects to GitHub: Canny algrithm implementation. This is popular method of finding edges in the image invented in 80’s: http://en.wikipedia.org/wiki/Canny_edge_detector. What you will find here is extremely naive approach, possibly with bugs and certainly not written with memory consumption issues in mind. But that’s just student project, it served well for its purpose:) Make sure to see README:

Embedded systems gurus always repeated: don’t use floating-point numbers in your firmware! But what if you have processor with a FPU? Well, then you simply can. Do not forget, however, to carefully look at your disassembly file, as always.

So this is what we get with GCC 4.6.2 on Cortex-M3:

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

float a = 0.123123f;

8000350: 4b21 ldr r3, [pc, #132] ; (80003d8 <main+0xd8>)

8000352: 617b str r3, [r7, #20]

float b = 0.123123f;

8000354: 4b20 ldr r3, [pc, #128] ; (80003d8 <main+0xd8>)

8000356: 613b str r3, [r7, #16]

float c = 0.0f;

8000358: 4b20 ldr r3, [pc, #128] ; (80003dc <main+0xdc>)

800035a: 60fb str r3, [r7, #12]

c = a * b;

800035c: 6978 ldr r0, [r7, #20]

800035e: 6939 ldr r1, [r7, #16]

8000360: f000 f8d6 bl 8000510 <__aeabi_fmul>

8000364: 4603 mov r3, r0

8000366: 60fb str r3, [r7, #12]

b = c;

8000368: 68fb ldr r3, [r7, #12]

800036a: 613b str r3, [r7, #16]

(...)

08000510 <__aeabi_fmul>:

8000510: f04f 0cff mov.w ip, #255 ; 0xff

8000514: ea1c 52d0 ands.w r2, ip, r0, lsr #23

8000518: bf1e ittt ne

800051a: ea1c 53d1 andsne.w r3, ip, r1, lsr #23

800051e: ea92 0f0c teqne r2, ip

8000522: ea93 0f0c teqne r3, ip

8000526: d06f beq.n 8000608 <__aeabi_fmul+0xf8>

8000528: 441a add r2, r3

800052a: ea80 0c01 eor.w ip, r0, r1

800052e: 0240 lsls r0, r0, #9

8000530: bf18 it ne

8000532: ea5f 2141 movsne.w r1, r1, lsl #9

8000536: d01e beq.n 8000576 <__aeabi_fmul+0x66>

8000538: f04f 6300 mov.w r3, #134217728 ; 0x8000000

800053c: ea43 1050 orr.w r0, r3, r0, lsr #5

8000540: ea43 1151 orr.w r1, r3, r1, lsr #5

8000544: fba0 3101 umull r3, r1, r0, r1

8000548: f00c 4000 and.w r0, ip, #2147483648 ; 0x80000000

800054c: f5b1 0f00 cmp.w r1, #8388608 ; 0x800000

8000550: bf3e ittt cc

8000552: 0049 lslcc r1, r1, #1

8000554: ea41 71d3 orrcc.w r1, r1, r3, lsr #31

8000558: 005b lslcc r3, r3, #1

800055a: ea40 0001 orr.w r0, r0, r1

800055e: f162 027f sbc.w r2, r2, #127 ; 0x7f

8000562: 2afd cmp r2, #253 ; 0xfd

8000564: d81d bhi.n 80005a2 <__aeabi_fmul+0x92>

8000566: f1b3 4f00 cmp.w r3, #2147483648 ; 0x80000000

800056a: eb40 50c2 adc.w r0, r0, r2, lsl #23

800056e: bf08 it eq

8000570: f020 0001 biceq.w r0, r0, #1

8000574: 4770 bx lr

8000576: f090 0f00 teq r0, #0

800057a: f00c 4c00 and.w ip, ip, #2147483648 ; 0x80000000

800057e: bf08 it eq

8000580: 0249 lsleq r1, r1, #9

8000582: ea4c 2050 orr.w r0, ip, r0, lsr #9

8000586: ea40 2051 orr.w r0, r0, r1, lsr #9

800058a: 3a7f subs r2, #127 ; 0x7f

800058c: bfc2 ittt gt

800058e: f1d2 03ff rsbsgt r3, r2, #255 ; 0xff

8000592: ea40 50c2 orrgt.w r0, r0, r2, lsl #23

8000596: 4770 bxgt lr

8000598: f440 0000 orr.w r0, r0, #8388608 ; 0x800000

800059c: f04f 0300 mov.w r3, #0

80005a0: 3a01 subs r2, #1

80005a2: dc5d bgt.n 8000660 <__aeabi_fmul+0x150>

80005a4: f112 0f19 cmn.w r2, #25

80005a8: bfdc itt le

80005aa: f000 4000 andle.w r0, r0, #2147483648 ; 0x80000000

80005ae: 4770 bxle lr

80005b0: f1c2 0200 rsb r2, r2, #0

80005b4: 0041 lsls r1, r0, #1

80005b6: fa21 f102 lsr.w r1, r1, r2

80005ba: f1c2 0220 rsb r2, r2, #32

80005be: fa00 fc02 lsl.w ip, r0, r2

80005c2: ea5f 0031 movs.w r0, r1, rrx

80005c6: f140 0000 adc.w r0, r0, #0

80005ca: ea53 034c orrs.w r3, r3, ip, lsl #1

80005ce: bf08 it eq

80005d0: ea20 70dc biceq.w r0, r0, ip, lsr #31

80005d4: 4770 bx lr

80005d6: f092 0f00 teq r2, #0

80005da: f000 4c00 and.w ip, r0, #2147483648 ; 0x80000000

80005de: bf02 ittt eq

80005e0: 0040 lsleq r0, r0, #1

80005e2: f410 0f00 tsteq.w r0, #8388608 ; 0x800000

80005e6: 3a01 subeq r2, #1

80005e8: d0f9 beq.n 80005de <__aeabi_fmul+0xce>

80005ea: ea40 000c orr.w r0, r0, ip

80005ee: f093 0f00 teq r3, #0

80005f2: f001 4c00 and.w ip, r1, #2147483648 ; 0x80000000

80005f6: bf02 ittt eq

80005f8: 0049 lsleq r1, r1, #1

80005fa: f411 0f00 tsteq.w r1, #8388608 ; 0x800000

80005fe: 3b01 subeq r3, #1

8000600: d0f9 beq.n 80005f6 <__aeabi_fmul+0xe6>

8000602: ea41 010c orr.w r1, r1, ip

8000606: e78f b.n 8000528 <__aeabi_fmul+0x18>

8000608: ea0c 53d1 and.w r3, ip, r1, lsr #23

800060c: ea92 0f0c teq r2, ip

8000610: bf18 it ne

8000612: ea93 0f0c teqne r3, ip

8000616: d00a beq.n 800062e <__aeabi_fmul+0x11e>

8000618: f030 4c00 bics.w ip, r0, #2147483648 ; 0x80000000

800061c: bf18 it ne

800061e: f031 4c00 bicsne.w ip, r1, #2147483648 ; 0x80000000

8000622: d1d8 bne.n 80005d6 <__aeabi_fmul+0xc6>

8000624: ea80 0001 eor.w r0, r0, r1

8000628: f000 4000 and.w r0, r0, #2147483648 ; 0x80000000

800062c: 4770 bx lr

800062e: f090 0f00 teq r0, #0

8000632: bf17 itett ne

8000634: f090 4f00 teqne r0, #2147483648 ; 0x80000000

8000638: 4608 moveq r0, r1

800063a: f091 0f00 teqne r1, #0

800063e: f091 4f00 teqne r1, #2147483648 ; 0x80000000

8000642: d014 beq.n 800066e <__aeabi_fmul+0x15e>

8000644: ea92 0f0c teq r2, ip

8000648: d101 bne.n 800064e <__aeabi_fmul+0x13e>

800064a: 0242 lsls r2, r0, #9

800064c: d10f bne.n 800066e <__aeabi_fmul+0x15e>

800064e: ea93 0f0c teq r3, ip

8000652: d103 bne.n 800065c <__aeabi_fmul+0x14c>

8000654: 024b lsls r3, r1, #9

8000656: bf18 it ne

8000658: 4608 movne r0, r1

800065a: d108 bne.n 800066e <__aeabi_fmul+0x15e>

800065c: ea80 0001 eor.w r0, r0, r1

8000660: f000 4000 and.w r0, r0, #2147483648 ; 0x80000000

8000664: f040 40fe orr.w r0, r0, #2130706432 ; 0x7f000000

8000668: f440 0000 orr.w r0, r0, #8388608 ; 0x800000

800066c: 4770 bx lr

800066e: f040 40fe orr.w r0, r0, #2130706432 ; 0x7f000000

8000672: f440 0040 orr.w r0, r0, #12582912 ; 0xc00000

8000676: 4770 bx lr

And this is output from the same GCC version on Cortex-M4F (compiled with flags -mcpu=cortex-m4 -mthumb -mfloat-abi=hard -mfpu=fpv4-sp-d16 -ffast-math -fsingle-precision-constant):

After installation of fresh copy of PostgreSQL database server it is often required to configure proper localization settings. This helps to avoid messages like this:

1

ERROR: invalid locale name en_GB.utf8

where en_GB.utf8 is setting you want to have. In order to create a database with custom locale there are few steps one has to follow.

The first is to enable all locales you might want to use in PostgreSQL in your system config. On Debian, edit file /etc/locale.gen and uncomment lines with your locales names. In my case it looks like this:

1

2

3

4

5

(...)

# pl_PL ISO-8859-2

pl_PL.UTF-8 UTF-8

# ps_AF UTF-8

(...)

Then run command locale-gen which will generate system localization files.

1

2

3

4

5

# locale-gen

Generating locales (this might take a while)...

en_US.UTF-8... done

pl_PL.UTF-8... done

Generation complete.

I have two locales enabled: en_US.UTF-8 and pl_PL.UTF-8. Both of them should be available in PostgreSQL. To check that, switch user to postgres and run SQL console, psql:

Most of this is self-explanatory. Purposes of all parameters are explained in the documentation: CREATE DATABASE. Note, that there is template0 database used as a template. More on this you will find in the manual: Template Databases.

In my engineer degree work I used CoreMP7-enabled ProASIC3 Development Kit (part number M7A3P-DEV-KIT-SCS). In a time it was launched by Actel (acquired by Microsemi) it was one of the first attempts of creating a SoPC with soft ARM core available for wide market without royalties. This particular kit has M7A3P1000 chip with 484 balls, 1M system gates and can drive internal PLL up to 350 MHz, so it’s pretty powerful. There is 1 MB of on-board RAM and 16 MB of Intel FLASH.

ARM7TDMI-S processor itself is available as a compiled and pre-placed component that can be put into user system design in SmartDesign tool (part of Libero environment). Although one cannot simulate core directly due to the lack of HDL source files, there is a BFM script compiler which produces HDL testbenches simulating transfers over AHB system bus. User writes BFM (TCL-like) scripts as if they were processor read and write operations.

The board provides several ways of programming the device. FPGA configuration is loaded with on-board FlashPro3 programmer. The same tool can be used to program and debug software written for ARM processor via SoftConsole IDE (which is modified Eclipse software). Microsemi’s FlashPro3 debugger has serious limitation, however: it can only debug code running in RAM. It can program FLASH memory using additional application (cliarm.exe console) and on this its functionality ends. Producer didn’t left programmer without choice, there is additional JTAG header on board. It is called RV (RealView) header and can be connected with 20-wire (2×10) flat cable to regular JTAG programmer. This was the reason I installed and configured fresh Eclipse with CodeSourcery G++ Lite (now Mentor Graphics) version 2011.03-42 with GCC 4.5.2 and OpenOCD in version 0.4.0 (2010-02-22-19:05). Maybe in some further post I will discuss how to set up this environment, now let’s look how to connect a programmer to the ARM core.

I use device based on FT2232 (-C, -D, -L) chip, it is similar to Amontec JAGkey. This piece of hardware was designed by Freddie Chopin. It is has a standard JTAG dual-row pin header which easily connects with P3 connector on board:

M7A3P-DEV-KIT-SCS JTAG header schematics

The tricky part is how to connect the header to ARM processor. On the core side there are following connections:

SmartDesign CoreMP7Bridge

Note, that UJTAG group refers to the ports that have predefined physical design constraints – they are automatically connected in Designer I/O Attribute Editor. They serve as a JTAG connected to FlashPro3.

As you can see ports in RV_ICE_If group are not one-to-one compatible with pins on board. What you have to do is to make a HDL wrapper that will sort these pins and do some other actions to make things work. In this step extremely helpful was sample project distributed with board. Its sources are present on a CD or in ZIP downloaded from Actel’s website, in folder M7A3P_CDImage.zip/Disk1/Sample Design/. To get that idea look at file Hardware/Source/socTop.v. There is also an example on how to connect memories to CoreMemCtrl module.

Finally, I had to write OpenOCD configuration scripts. Traditionally, they are split in two: one referring to CPU-specific settings and second with settings related to board. Unlike in hard processor cores in CoreMP7 you are the one who designs memory map, so most probably both of these files must be altered before use. Be sure to read the comments!

If you read this you probably already know there’s not much information about designs in Actel/Microsemi devices in the Internet. Producer gives excellent documentation and examples, but that’s all. I am aware that my article hasn’t covered topic even in a small part. This FPGA/ARM7 board is also quite ancient device (odd, isn’t it? 2007 if I recall well…) and I have experience only with this specific one. But it finally worked, so feel free to encourage me to write more:-)